{"api_version":"1","generated_at":"2026-04-23T00:59:36+00:00","cve":"CVE-2023-34143","urls":{"html":"https://cve.report/CVE-2023-34143","api":"https://cve.report/api/cve/CVE-2023-34143.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-34143","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-34143"},"summary":{"title":"CVE-2023-34143","description":"Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.","state":"PUBLIC","assigner":"hirt@hitachi.co.jp","published_at":"2023-07-18 03:15:00","updated_at":"2023-07-27 17:06:00"},"problem_types":["CWE-295"],"metrics":[],"references":[{"url":"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html","name":"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html","refsource":"MISC","tags":[],"title":"Multiple Vulnerabilities in Hitachi Device Manager: Software Vulnerability Information: Software: Hitachi","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-34143","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34143","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"34143","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachi","cpe5":"device_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34143","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34143","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-34143","ASSIGNER":"hirt@hitachi.co.jp","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-297 Improper Validation of Certificate with Host Mismatch","cweId":"CWE-297"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Hitachi","product":{"product_data":[{"product_name":"Hitachi Device Manager","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"changes":[{"at":"8.8.5-02","status":"unaffected"}],"lessThan":"8.8.5-02","status":"affected","version":"0","versionType":"custom"}],"defaultStatus":"unaffected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html","refsource":"MISC","name":"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"advisory":"hitachi-sec-2023-125","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.6,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","version":"3.1"}]}},"nvd":{"publishedDate":"2023-07-18 03:15:00","lastModifiedDate":"2023-07-27 17:06:00","problem_types":["CWE-295"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"8.8.5-02","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}